Can I sandbox a binary created in C (with GCC) for Linux and make it easy for users?

0

I have compiled a binary that I want to distribute to other people.

It's closed-source, but I want to provide users of the binary with confidence that it cannot possibly access the internet, microphone, printer, etc. It also shouldn't be able to read/write files/directories on the filesystem unless they provide that program with access to that file/directory explicitly.

Is this possible in other, more user-friendly ways than telling users to use something like SELinux or AppArmor, where the user has to do something special to run the binary (as opposed to a simple ./program)?

ccoder987

Posted 2016-01-05T07:47:39.587

Reputation: 101

Answers

0

In order to have the confidence in your binary, users will need to use trusted tools to confine it. Any sandboxing tool you bundle with your binary should be considered as (un)trusted as the binary itself.

You could provide a human readable setup script that creates an appropriate chroot or AppArmor configuration. That way, your users will be able to audit the script themselves and see that your binary is sandboxed properly.

Dmitry Grigoryev

Posted 2016-01-05T07:47:39.587

Reputation: 7 505
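As an added illustration of the auditable setup script this answer suggests (example code written for this page, not posted by the answerer or shipped with any real binary): a POSIX sh script that writes an AppArmor profile for the binary. Everything in it is readable text, so a user can see exactly what is denied (all sockets, sound, video and printer device nodes) and what is granted (only the directories they name). The binary path /opt/myapp/program, the data directory, and the derived profile file name are assumptions; the profile attaches by path, so once it is loaded the user runs a plain ./program and is confined without doing anything special.

```shell
#!/bin/sh
# make-sandbox.sh: generate (and optionally install) an AppArmor profile for a
# closed-source binary. Added example for this page; paths are assumptions.

# gen_apparmor_profile BINARY ALLOWED_DIR...
# Prints an AppArmor profile to stdout. The profile:
#   - denies every socket family ("deny network,"), so no internet at all,
#   - denies the device nodes for sound, video and printers,
#   - lets the binary map itself executable, read-only ("mr"),
#   - grants read/write/lock only under the directories the user lists.
# Anything not listed is implicitly denied by AppArmor once the profile is
# loaded in enforce mode.
gen_apparmor_profile() {
    bin="$1"; shift
    printf '#include <tunables/global>\n\n'
    printf '%s {\n' "$bin"
    printf '  #include <abstractions/base>\n\n'
    printf '  # No sockets of any family: no internet, no network IPC\n'
    printf '  deny network,\n\n'
    printf '  # Hardware the user wants kept off-limits\n'
    printf '  deny /dev/snd/** rw,\n'
    printf '  deny /dev/video* rw,\n'
    printf '  deny /dev/lp* rw,\n'
    printf '  deny /dev/usb/lp* rw,\n\n'
    printf '  # The binary itself: read + mmap executable, never writable\n'
    printf '  %s mr,\n\n' "$bin"
    for d in "$@"; do
        printf '  # Directory explicitly granted by the user\n'
        printf '  %s/ rw,\n' "$d"
        printf '  %s/** rwk,\n' "$d"
    done
    printf '}\n'
}

# profile_path BINARY
# AppArmor's conventional file name: strip the leading slash, turn '/' into '.'
# (e.g. /opt/myapp/program -> /etc/apparmor.d/opt.myapp.program).
profile_path() {
    printf '/etc/apparmor.d/%s\n' "$(printf '%s' "$1" | sed 's|^/||; s|/|.|g')"
}

# install_profile BINARY ALLOWED_DIR...
# Writes the profile and loads it into the kernel in enforce mode.
# Requires root and a kernel with AppArmor enabled (check with aa-status).
install_profile() {
    out="$(profile_path "$1")"
    gen_apparmor_profile "$@" > "$out"
    # -r: replace if a profile of that name is already loaded
    apparmor_parser -r "$out"
    printf 'Loaded %s; %s is now confined whenever it runs.\n' "$out" "$1"
}

# Usage: sh make-sandbox.sh [--install] /path/to/program ALLOWED_DIR...
# Without --install the profile is only printed, so the user can read it first.
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--install" ]; then
        shift
        install_profile "$@"
    else
        gen_apparmor_profile "$@"
    fi
fi
```

A user who wants to check the generated text before loading it can run `apparmor_parser -Q -r /etc/apparmor.d/opt.myapp.program`, which parses the profile without loading it into the kernel. Note that this confines only what AppArmor mediates (files, sockets, capabilities); it does not replace the trust argument in the answer above, since the user must still trust AppArmor and read the script rather than trust anything bundled with the binary.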

0

As @Dmitry said, if the application itself is closed source, you need to show the users at least the part that ensures the application is sandboxed, so they can inspect and even change the way of sandboxing (to adapt to their specific security setup). On top of a chroot, the application should also run as its own user (this can be done with setuid on the binary, which is transparent to users), with appropriately restricted access. With regard to sandboxing against various hardware (microphones, network, ...), whatever part of this cannot be restricted by user permissions would require at least lxc or a virtual machine. That makes things more complicated.

orion

Posted 2016-01-05T07:47:39.587

Reputation: 251

"With regard to sandboxing against various hardware (microphones, network,...), whatever part of this cannot be restricted by user permissions, would require at least lxc or a virtual machine. That makes things more complicated." Would SELinux or AppArmor not work for that? – ccoder987 – 2016-01-05T10:31:10.230